Total
9536 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0011 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 5.0 MEDIUM | N/A |
| The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. | |||||
| CVE-2008-3458 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 5.0 MEDIUM | N/A |
| Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. | |||||
| CVE-2008-4278 | 2 Microsoft, Vmware | 3 Windows, Virtual Infrastructure Client, Virtualcenter | 2025-04-09 | 2.1 LOW | N/A |
| VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password. | |||||
| CVE-2007-4688 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. | |||||
| CVE-2007-0042 | 1 Microsoft | 5 .net Framework, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | 7.8 HIGH | N/A |
| Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability." | |||||
| CVE-2007-1167 | 1 Dzcp | 1 Dev\!l\'z Clanportal | 2025-04-09 | 5.0 MEDIUM | N/A |
| inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter. | |||||
| CVE-2008-3078 | 1 Opera | 1 Opera Browser | 2025-04-09 | 7.8 HIGH | N/A |
| Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image. | |||||
| CVE-2008-4164 | 1 Memht | 1 Memht Portal | 2025-04-09 | 2.6 LOW | N/A |
| cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
| CVE-2007-0979 | 1 Lifetype | 1 Lifetype | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL." | |||||
| CVE-2009-4466 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 5.0 MEDIUM | N/A |
| DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption). | |||||
| CVE-2008-1580 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. | |||||
| CVE-2008-2004 | 1 Qemu | 1 Qemu | 2025-04-09 | 4.9 MEDIUM | N/A |
| The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. | |||||
| CVE-2009-0783 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.6 MEDIUM | 4.2 MEDIUM |
| Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | |||||
| CVE-2008-3094 | 1 Organic Groups Project | 1 Organic Groups | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors. | |||||
| CVE-2008-4308 | 1 Apache | 1 Tomcat | 2025-04-09 | 2.6 LOW | N/A |
| The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. | |||||
| CVE-2008-3962 | 1 Ssmtp | 1 Ssmtp | 2025-04-09 | 2.6 LOW | N/A |
| The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message. | |||||
| CVE-2007-6190 | 1 Cisco | 1 Unified Ip Phone | 2025-04-09 | 3.5 LOW | N/A |
| The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. | |||||
| CVE-2009-0474 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2025-04-09 | 5.0 MEDIUM | N/A |
| The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603. | |||||
| CVE-2007-6283 | 4 Centos, Fedoraproject, Oracle and 1 more | 9 Centos, Fedora Core, Linux and 6 more | 2025-04-09 | 4.9 MEDIUM | N/A |
| Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. | |||||
| CVE-2007-6502 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 5.5 MEDIUM | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found. | |||||